CVE-2019-11232

EXCELLENT INFOTEK BiYan v1.57 v2.8 allows an attacker to leak user information Password without being authenticated, by sending an EMPNO element to the kwslogin/asp/queryuser.asp URI, and then reading the PWD element...